Java token code to prevent recurring commit problems caused by refresh/rewind, non-struts

The post turns from Http://hi.baidu.com/bobylou, before the turn does not verify the article method is not valid, estimated the original author put it before the blog should have done test it.

struts itself has a complete set of token ( token ) mechanisms to prevent duplicate submissions , but the author's current project self-written framework is not used by struts, It also has to be self-written to prevent users from repeating or refreshing the token mechanism that submits the contents of the form. Not difficult, easy to achieve.

Principle of implementation: consistency. When a JSP generates a form, a hidden <input> field is inserted into the form, which is the token string saved on the page, and the string is stored in the session. Wait until the user submits the form, and the hidden token string is submitted. On the server side, look under whether the session contains a string equal to the token string. If there is, then it is the first time to submit the form, and then delete the token string stored at the session end, and then do the normal business logic flow, if not, then it means that the form is repeated commit, do the abnormal process, you can warn the prompt can do nothing.

Look at the code.

The first is the token master Class . Class is simple, and the main method is to annotate doc

/*
* Blog:http://hi.baidu.com/bobylou
* $Revision: 1.1 $
* $Date: 2007/07/18 10:02:55 $
* $Author: bobrow$
*/

Package com.paizuo.framework.util;

Import java.util.ArrayList;

Import javax.servlet.http.HttpSession;

public class Token{

private static final String Token_list_name = "Tokenlist";

public static final String token_string_name = "TOKEN";

private static ArrayList Gettokenlist (HttpSession session){
Object obj = Session.getattribute (token_list_name);
if (obj! = null){
Return (ArrayList) obj;
} else{
ArrayList tokenlist = new ArrayList ();
Session.setattribute (Token_list_name, tokenlist);
return tokenlist;
}
}

private static void Savetokenstring (String tokenstr, HttpSession session){
ArrayList tokenlist = gettokenlist (session);
Tokenlist.add (TOKENSTR);
Session.setattribute (Token_list_name, tokenlist);
}

private static String generatetokenstring (){
return new Long (System.currenttimemillis ()). ToString ();
}

/**
* Generate a token string, and save the string in session, then return the token string.
*
* @param HttpSession
* Session
* @return A token string used for enforcing a single request for a particular transaction.
*/
public static String Gettokenstring (HttpSession session){
String tokenstr = generatetokenstring ();
Savetokenstring (TOKENSTR, session);
return tokenstr;
}

/**
* Check whether token string is valid. If session contains the token string, return True.
* Otherwise, return false.
*
* @param String
* TOKENSTR
* @param HttpSession
* Session
* @return True:session contains tokenstr; False:session is null or TOKENSTR are ID not in session
*/
public static Boolean Istokenstringvalid (String Tokenstr, HttpSession session){
       boolean  valid = false;
       if (session != null) {
          arraylist tokenlist =  gettokenlist (session);
          if  (Tokenlist.contains (TOKENSTR))  < Span id= "Codehighlighter1_2116_2196_open_text" >{
              valid = true;
             tokenlist.remove (TOKENSTR);
          }
       }
       return valid;
    }
}

How to use?

On the JSP page side.

First import the class:

<%@ page import= "Com.paizuo.framework.util.Token"%>

The form contains a hidden token string:

<form>

<input type= "hidden" name= "<%=token.token_string_name%>" value= "<%=token.gettokenstring (session)%> ">

</form>

The server-side action is tested.

if (Token.istokenstringvalid (Request.getparameter (Token.token_string_name), Request.getsession ())){
Conduct normal business processes
}
else{
Perform anti-duplication submission process
}

Complete.

Java token code, non-struts

to prevent duplicate commit problems caused by refresh/rewind